I am currently planning a backup redundancy across different servers and I was wondering what is the best practice in terms of copying / replicating encrypted data to a new server.
Can I simply copy the data from an encrypted source by using the parent account which has no encryption keys? Will I risk to loose or damage any data like this?
What I mean is. Let’s say I create Amazon remote, and a Amazon Crypt remote. Amazon Crypt points to a folder inside Amazon remote. Now I want to make a redundant copy of everything that is inside Amazon Crypt to another Gdrive remote. But I wonder if it the best practice is to unencrypt and re-encrypt data again during the copy, or if I can simply copy data using the Amazon remote parent without touching encryption? I intuitively tend to think that the second option might create less overhead for rclone, but I wonder if it is as equally safe in terms of data preservation?
I would recommend that you copy the crypt content outside of the crypt. That will be far easier for you to manage since the nonce will be the same between both. If you do it WITHIN the crypt and copy it somewhere else, the md5sums and such wont match as your recreate the nonce again.
Nick seemed to indicate this in my issue as well. Here:
Plus you can also use md5sums on the transfer where crypt doesn't support that.
@calisro
Thank a lot for the advice. I am doing this and it is working just fine.
Also, I found out that in some cases (when copying inside Crypt remotes) using the flag --checksum avoid rclone to substitute the file that already exist in the destination. Don’t know if that might help u. I have tried with copy command and not sync.